Payments Patent Potpourri: A Way For Visa To Ride The Payment Rails Faster
This is our weekly plunge into some of the more interesting patents awarded in the payments space.
Visa Needs To Ride The Rails Faster—And These Are Literally Rails
On Tuesday (Dec. 15), Visa was granted a patent that deals with how transactions can be approved quickly enough for the increasingly-popular mobile public transit payments.
The Visa Patent gave the card brand’s view of the problem: “Transit fare collection, venue entrance fee payment, and the like must be conducted offline because of transaction speed requirements, such as at a transit fare device of a subway turnstile or bus farebox. In such circumstances, there is effectively insufficient time to go on-line to the issuer for transaction approval, and still have time to process a flow of thirty to forty-five passengers per minute, as required in the typical transit environment. Some form of off-line card authentication is required to stem potential counterfeit card attacks and potential for organized fraud. Card authentication must be achieved (off line at the transit fare device) to halt use of counterfeit cards and potential for unbounded fraud. However there are no provisions for card authentication utilizing the existing MSD application. Key management is problematic in many-to-many relationships (agency’s and issuers). For instance, how do symmetric keys get exchanged ahead of time prior to creation of issuer/agency relationships? Creation of appropriate file space and management of card memory is difficult to coordinate, especially in cases where the participants (issuers and agencies) do not have relationships in advance of card issuance. Transit negative list management is an issue, because of the potential for negative lists to grow out of bounds as contactless issuance expands and/or when counterfeit card attacks occur.”
Visa then addressed—and rejected—the easiest way to address this problem: “One technique for a solution to the above problems requires that transit patrons pre-register their cards prior to first use to collect fares, at which time the keys and files may be added to the card. However, transit agencies have indicated they generally do not want everyone to have to register their cards prior to first use. Another technique for a solution requires that transit agencies and issuers have an advanced agreement and relationship prior to the card being used in transit. Under this circumstance, it is possible that the issuer place the agency keys and files on the card prior to issuance. However, transit agencies have indicated they generally do not want to have to maintain relationships with each issuer. Transit agencies would like any transit-capable card to work in their systems without pre-notification or agreement.”
Visa’s proposed (and now Patented) answer: “Transaction processing in accordance with the invention involves receiving data from an access transaction application of a portable consumer device, wherein the received data comprises data from an access transaction data string that includes a transit verification value wherein, with the exception of the transit verification value, the access transaction data string is substantially similar to a retail data string comprising retail data, wherein the access application data string is adapted for use with an access transaction processing system and the retail data string is adapted for use with a retail processing system. The transaction processing further includes processing the received data comprising the transit verification value. In this way, the invention provides payment systems that are capable of minimal transaction time processing and that ensure effective fraud prevention.”
Every Little Move She Makes Authenticates Her To PayPal
On Tuesday (Dec. 15), PayPal was issued a patent that would identify—and authenticate, for payments purposes—shoppers based on tiny motions they make while standing in a store. “The motions, which may be very small and imperceptible to an observer, may be difficult for potential attackers to observe and copy, but may be useful when magnified.”
The idea is for the store associate to prompt the user to make specific motions while at checkout. The system captures video of the motion and analyzes it and tries to match it to a previously-captured sample from that same shopper.
This technique “may be used to register motions of hand to establish a baseline so that the registered motion may be used for comparison to subsequent motions that may be used, for example, to authenticate user with remote server. For example, when user first uses authentication application, user may be required to perform motions, such as flexing fingers on hand, of which video or other images may be captured and magnified for analysis. User may be required to perform the motions multiple times until authentication application has enough information from the magnified motions to establish a baseline from which subsequent motions can be compared. In some embodiments, authentication application may establish a range of motion attributed to flexing a finger, such that a magnified motion of flexing an index finger exhibits a certain range of motion. In some embodiments, authentication application may apply one or more machine-learning algorithms to the captured motions to predict what a motion of user should be when magnified, based on the distance to imaging component, the position of hand and other factors. Moreover, authentication application may use a neural net to use fuzzy logic to attempt to match a magnified motion to an ideal or stored motion.”